US8347350B2ExpiredUtilityA1

Systems and methods of controlling network access

89
Assignee: INFOEXPRESS INCPriority: Sep 24, 2003Filed: Feb 10, 2012Granted: Jan 1, 2013
Est. expirySep 24, 2023(expired)· nominal 20-yr term from priority
H04L 63/0876H04L 63/20
89
PatentIndex Score
7
Cited by
112
References
19
Claims

Abstract

A new approach to network security includes manipulating an access point such that an initial communication from an external device is passed to a restricted subset of a computing network including a gatekeeper. The gatekeeper is configured to enforce a security policy against the external device before granting access to a less-restricted subset of the computing network. If requirements of the security policy are satisfied, then the gatekeeper reconfigures the access point such that further communication from the external device may be received by elements of the less-restricted subset. Enforcement of the security policy optionally includes performing a security audit of the external device.

Claims

exact text as granted — not AI-modified
1. A method for network access control, the method comprising:
 receiving audit data pertaining to a device that does not have access to a less-restricted subset of a network; 
 auditing the device in accordance with a security policy based at least in part on the audit data; 
 reconfiguring an access point to allow access to the less-restricted subset of the network in response to the security policy audit; 
 receiving updated audit data pertaining to the device subsequent to reconfiguring the access point; and 
 monitoring continued compliance of the device with the security policy using the updated audit data. 
 
     
     
       2. The method of  claim 1 , wherein monitoring of the device for continued compliance with the security policy includes continued communications with the device. 
     
     
       3. The method of  claim 2 , wherein an interruption of continued communication indicates that the device is no longer compliant. 
     
     
       4. The method of  claim 1 , wherein the access point is reconfigured to allow access to a different subset of the network in response to the device failing to comply with the security policy while being monitored. 
     
     
       5. The method of  claim 1 , wherein the security policy includes authentication of the user of the device. 
     
     
       6. The method of  claim 4 , wherein an agent running on the device collects the audit data. 
     
     
       7. The method of  claim 6 , further comprising updating the device to comply with the security policy when the device fails to comply with the security policy. 
     
     
       8. The method of  claim 6 , wherein the security policy audit is based at least in part on audit data collected by the agent concerning operating system of the device. 
     
     
       9. The method of  claim 6 , wherein the security policy audit is based at least in part on audit data collected by the agent, and that concerns antivirus software on the device. 
     
     
       10. The method of  claim 6 , wherein the security policy audit is based at least in part on audit data collected by the agent, and that concerns other devices coupled to the device. 
     
     
       11. The method of  claim 6 , wherein the security policy audit is based at least in part on audit data collected by the agent, and that concerns registry information of the device. 
     
     
       12. The method of  claim 6 , wherein the security policy audit is based at least in part on audit data collected by the agent, and that concerns a network adapter of the device. 
     
     
       13. The method of  claim 6 , wherein the security policy audit is based at least in part on audit data collected by the agent, and that concerns applications executing on the device. 
     
     
       14. The method of  claim 1 , wherein the security policy audit is based at least in part on information obtained from an active probe of the device. 
     
     
       15. The method of  claim 1 , wherein the security policy audit is based at least in part on information obtained from a third party application or service. 
     
     
       16. The method of  claim 1 , wherein the security policy audit is based at least in part on the information concerning an identity of a user of the device. 
     
     
       17. The method of  claim 1 , wherein monitoring for continued compliance includes a user not logging off of the device. 
     
     
       18. The method of  claim 6 , wherein updated audit data pertaining to the device continues to be received from the agent after reconfiguring the access point. 
     
     
       19. The method of  claim 6 , wherein updated audit data pertaining to the device continues to be received from the agent while the device has access to the less-restricted subset of the network.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.